pem service-chain-endpoint
pem service-chain-endpoint(1) BIG-IP TMSH Manual pem service-chain-endpoint(1)
NAME
service-chain-endpoint - Configures service chain endpoints for the Policy Enforcement Manager (PEM).
MODULE
pem
SYNTAX
Modify the service-chain-endpoint component within the pem module using the syntax shown in the following sections.
CREATE/MODIFY
create service-chain-endpoint [name]
modify service-chain-endpoint [name]
options:
app-service [[string] | none]
service-endpoints [add | delete | modify | replace-all-with] {
[service endpoint name ... ] {
options:
app-service [[string] | none]
forwarding-endpoint
to-endpoint [forwarding endpoint name]
from-vlan [vlan name]
http-adapt-service
internal-virtual [internal virtual server | none]
icap-type [request | response | both | none]
order [integer]
service-option [optional | mandatory]
steering-policy [policy name | none]
}
}
edit service-chain-endpoint [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list service-chain-endpoint
list service-chain-endpoint [ [ [name] | [glob] | [regex] ] ... ]
show running-config service-chain-endpoint
show running-config service-chain-endpoint [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
partition
DELETE
delete service-chain-endpoint [name]
Note: You must remove all references to a service-chain-endpoint before you can delete the service-chain-endpoint.
DESCRIPTION
You can use the service-chain-endpoint component to configure service-chain-endpoint definitions for the Policy Enforcement
Manager (PEM). Each service-chain-endpoint consists of one or more service-endpoints, where a service-endpoint consists of
a non-zero integer order, existing from-vlan a valid fwd-endpoint or a http-adaptation-service endpoint. When you
configure a BIG-IP that has a service-chain-endpoint with multiple service-endpoints, traffic will pass through different
endpoints choosen dynamically.
Note: You must create a valid forwarding-endpoint and a valid vlan before you can create a service-endpoint. If you are
enabling http-adapt-service, you must create Request Adapt and Response Adapt profiles and attach to the traffic virtual.
Also create an internal-virtual and enable icap profile. You must also give each service-endpoint an order from 1 up to
2^32-1. The lower the service-endpoint order is, the higher its precedence is (i.e., traffic will pass though it before
other higher order service-endpoints). Each service-endpoint has a boolean (true/false) service-option that defines what
would happen if the service-endpoint is down. If service-option is mandatory, the traffic flow is dropped if the service-
endpoint is down. If service-option is optional, the traffic flow will be bypassed to the next available service-endpoint.
For more information about how to create a vlan, please refer to net vlan. Also please refer to pem forwarding-endpoint
for more information about how to create a pem forwarding-endpoint.
EXAMPLES
create service-chain-endpoint chain1 service-endpoints add { ser_ep1 { order 10 from-vlan vlan1 forwarding-endpoint { to-
endpoint fw_ep1 } service-option optional } ser_ep2 { order 5 from-vlan vlan2 http-adapt-service {internal-virtual iv1}
service-option mandatory } }
Creates a PEM service-chain-endpoint named chain1 that has two service-endpoints: ser_ep1 and ser_ep2. The first ser_ep1
has an order of 10 and is optional and has forwarding-endpoint with to-endpoint fw_ep1, type transparent and vlan1 as a
from-vlan. The second ser_ep2 has an order of 5 is mandatory and has http-adapt-service enabled with ivs1 as internal-
server and vlan2 as a from-vlan. Note that ser_ep2 will precede ser_ep1 because the lower the service-endpoint order is,
the higher its precedence is.
delete service-chain-endpoint chain1
Deletes the service-chain-endpoint named chain1.
list service-chain-endpoint chain1
Displays the properties of the service-chain-endpoint named chain1.
OPTIONS
app-service
Specifies the name of the application service to which the object belongs. The default value is none. Note: If the
strict-updates option is enabled on the application service that owns the object, you cannot modify or delete the
object. Only the application service can modify or delete the object.
service-endpoints
Adds, deletes, or replaces a set of the service endpoints by specifying a series of service-endpoint names. If any of
these names did not exist before, then new names will be created. Each service-endpoint is identified by a vlan and a
forwarding-endpoint.
app-service
Specifies the name of the application service to which the object belongs. The default value is none. Note: If
the strict-updates option is enabled on the application service that owns the object, you cannot modify or delete
the object. Only the application service can modify or delete the object.
forwarding-endpoint
Specifies the forwarding endpoint attributes to be set. The below attributes can be set:
to-endpoint
This is a default endpoint that will be chosen if steering policy is not configured. You have to create a
valid PEM forwarding-endpoint before you can add to-endpoint to a service-endpoint.
from-vlan
Specifies the vlan that the traffic will come from toward the service-endpoint. Note: The vlan has to exist
before you can create a from-vlan field.
http-adapt-service
Specifies the option to set attributes for http adapt services. Below are the attributes that can be set.
internal-virtual
This is the internal virtual on which icap is enabled. You have to create the internal-virtual and assign
icap profile before adding here.
icap-type
Defines the ICAP adaptation type: request only adaptation, request and response adaptation or both types of
adaptations combined.
order
Specifies the order of the service-endpoint among other service-endpoints. The lower the service-endpoint's order
is, the more precedence it has (i.e., the traffic will go through the lowest-ordered service-endpoint first, then
through higher order service-endpoint, ... etc.).
service-option
Specifies the behavior when a service-endpoint is not available (i.e., is down). This option is limited when ICAP
is defined as the service-endpoint and will not apply if the ICAP service is unavailable. You can configure the
following options:
mandatory
If the service-endpoint is down, the traffic flow is dropped.
optional
If the service-endpoint is down, the traffic flow will be bypassed to the next available service-endpoint.
steering-policy
If the steering policy is configured, the policy is evaluated and if steering is enabled the flow will be steered
to the corresponding endpoint.
SEE ALSO
create, delete, edit, glob, list, modify, pem forwarding-endpoint, pem interception-endpoint, pem listener, pem policy, pem
profile diameter-endpoint, pem profile spm, pem reporting format-script, pem subscriber, pem subscribers, regex, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2012. All rights reserved.
BIG-IP 2016-01-07 pem service-chain-endpoint(1)